We do have openapi validation, but certain header key value pairs should follow these rules:

• tcp header should only be set if nw_proto is TCP
• IPv4 and IPv6 src and dst should be either all v4 or all v6, and v4 should be mutually exclusive with v6

If an user sets this incorrectly an empty result will be returned, so this doesn't crash anything, but it'd be great to have better validation, just so users who are trying to trace are guided in the right direction if they happen to be using a payload that in practice isn't traceable.

HTTPException should be raised for this custom validation, take a look on this part on flow_manager as a reference.

Ps: HTTPException is automatic handled by our Starlette app middleware when it's raised in a @rest context.